
Is there a method to allow Point-to-Site VPN connection to an Azure VNet only from a specific set of public IP addresses?

I have an Azure VNET and a VPN Gateway set up. A Point-to-Site VPN connection has been set up, so users can access VMs on the VNET. Is there any way I can allow a VPN connection only if the connection is coming from a known public-facing IP address of the corporate on-prem network?

A point-to-site VPN connection is between a single PC connected to your network and the Azure VPN gateway over the internet. The VPN client is assigned a private IP address from the address pool. This on-demand connection is initiated by the user and secured by using a certificate. The connection uses the SSTP protocol on port 443 to provide encrypted communication over the internet between the PC and the VNet.

If you only want to allow some clients to set up a VPN connection, you just need to install the client certificate on those specific client machines and not install it on the clients that you don't want to connect to the VPN gateway. If you want to restrict some clients from accessing your VMs on the VNET, the clients should disconnect the VPN connection, and you restrict their public IP address in the NSG associated with that Azure VM's subnet or NIC.

P2S connections are useful for remote employees or those who only want to establish connectivity when they need it and can disconnect from the Azure VNet when they are finished with their tasks.

You could get more details from this wonderful blog.
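Added example (not from the answer above and not Azure's own code): a small Python model of how an NSG evaluates inbound rules, to show what the answer's NSG suggestion does at the NIC. The addresses are constructed placeholders (VNet 10.1.0.0/16, P2S client pool 172.16.201.0/24, corporate public IP 203.0.113.10), and the example assumes the VirtualNetwork service tag covers the client pool, which is why P2S traffic is reachable under the default AllowVnetInBound rule. The point worth seeing is that the NSG matches the source address on the packet as the VM receives it; for a P2S client that is the address leased from the client address pool mentioned in the answer, so rules restricting VPN users must be written against the pool, while a rule keyed to the corporate public IP only governs connections arriving directly from the internet.

```python
"""Model of Azure NSG inbound rule evaluation for P2S client traffic.

Added example, not from the original answer. Rules are evaluated in ascending
priority order and the first match decides. All addresses below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumptions for this example, not values from the page).
VNET_PREFIX = "10.1.0.0/16"
P2S_POOL = "172.16.201.0/24"        # VPN client address pool
CORP_PUBLIC_IP = "203.0.113.10/32"  # on-prem NAT address seen by the VPN gateway

# Assumption: the VirtualNetwork tag is modelled as the VNet space plus the
# P2S client pool. 168.63.129.16 is the address behind AzureLoadBalancer.
SERVICE_TAGS = {
    "VirtualNetwork": (VNET_PREFIX, P2S_POOL),
    "AzureLoadBalancer": ("168.63.129.16/32",),
    "Internet": ("0.0.0.0/0",),
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number wins; custom rules use 100-4096
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp" or "*"
    sources: tuple     # CIDR prefixes, service tags, or "*"
    dest_ports: tuple  # "22", "1000-2000" or "*"


@dataclass(frozen=True)
class Flow:
    src_ip: str        # source address as the NIC sees it
    dst_port: int
    protocol: str


def _source_matches(spec: str, ip: ipaddress.IPv4Address) -> bool:
    if spec == "*":
        return True
    for prefix in SERVICE_TAGS.get(spec, (spec,)):
        if ip in ipaddress.ip_network(prefix, strict=False):
            return True
    return False


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, flow: Flow) -> Rule:
    """Return the first rule (by priority) whose protocol, source and port match."""
    ip = ipaddress.ip_address(flow.src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.protocol != "*" and rule.protocol.lower() != flow.protocol.lower():
            continue
        if not any(_source_matches(s, ip) for s in rule.sources):
            continue
        if not any(_port_matches(p, flow.dst_port) for p in rule.dest_ports):
            continue
        return rule
    raise RuntimeError("no rule matched; a real NSG always ends in DenyAllInBound")


# Azure's default inbound rules (priorities are the real ones).
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "*", ("VirtualNetwork",), ("*",)),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", ("AzureLoadBalancer",), ("*",)),
    Rule("DenyAllInBound", 65500, "Deny", "*", ("*",), ("*",)),
)


def vpn_client_rules():
    """Custom rules restricting what P2S clients may reach on this subnet (constructed)."""
    return (
        Rule("AllowVpnClientsSsh", 100, "Allow", "Tcp", (P2S_POOL,), ("22",)),
        # Explicit Deny is required: without it AllowVnetInBound admits the pool.
        Rule("DenyVpnClientsRdp", 110, "Deny", "Tcp", (P2S_POOL,), ("3389",)),
        # Keyed to the corporate public IP. P2S traffic never carries that address
        # (the client sends from its pool address), so this rule only governs
        # connections arriving directly from the internet.
        Rule("AllowCorpPublicIpRdp", 120, "Allow", "Tcp", (CORP_PUBLIC_IP,), ("3389",)),
    ) + DEFAULT_INBOUND


def decide(flow: Flow) -> tuple:
    """(access, rule name) for a flow under the constructed rule set."""
    rule = evaluate(vpn_client_rules(), flow)
    return rule.access, rule.name


if __name__ == "__main__":
    client = "172.16.201.5"  # constructed: address leased from the P2S pool
    for port in (22, 3389, 443):
        print(port, decide(Flow(client, port, "Tcp")))
```

Run it to see that the pool client is allowed on 22, denied on 3389 by the explicit rule, and allowed on 443 by the default AllowVnetInBound rule; drop DenyVpnClientsRdp and the 3389 flow falls through to AllowVnetInBound as well, which is why restricting VPN users means adding Deny rules at low priority numbers rather than relying on defaults.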
